Posted on 06/01/2015 6:06:16 AM PDT by the_boy_who_got_lost
Your Social Security Number can be stolen in under an hour. And hundreds of websites run by the government, universities and financial institutions, among other companies, are at fault.
... ... ...
It works essentially in the following way.
Is my victim's SSN 123-45-6789? No! Is my victim's SSN 123-45-6790? No! Is my victim's SSN 123-45-6788? Yes!
... ... ...
Very commonly all the hacker needs is:
A victim's last name
A victim's birth date
A vulnerable website the victim uses.
... ... ...
Are any big players exposing SSNs?
I have a list of hundreds of websites who are vulnerable in one way or another. Some expose the entire SSN, others just the serial number of the SSN.
I will be contacting, or attempting to contact, the website administrators of the vulnerable sites.
I am a Senior Software Engineer.
What I "reveal" here has been known in the industry for quite some time but the government and universities have been very slow to respond.
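A defender's view of the yes/no guessing loop described in the post, as an added example that is not part of the original thread: it scans verification logs for one identity (last name plus birth date) receiving many different failed SSN values, counted per identity rather than per client IP. The log record layout, `LOG_KEY`, the thresholds and the sample events are constructed assumptions.

```python
import hashlib
import hmac
from collections import defaultdict, deque

LOG_KEY = b"constructed-demo-key"  # assumption: per-deployment secret for log tagging

def guess_tag(ssn):
    """Keyed digest of a submitted SSN, so logs can count distinct guesses
    without ever storing the number itself."""
    digits = ssn.replace("-", "")
    return hmac.new(LOG_KEY, digits.encode(), hashlib.sha256).hexdigest()[:16]

def find_enumeration(events, max_distinct=3, window=3600):
    """Return {identity: peak distinct failed values} for every identity that
    saw more than max_distinct different failed SSNs within `window` seconds."""
    recent = defaultdict(deque)  # identity -> deque of (timestamp, tag)
    flagged = {}
    for ts, _ip, last_name, dob, ssn, ok in sorted(events, key=lambda e: e[0]):
        if ok:
            continue  # only failed checks are guesses
        ident = (last_name.lower(), dob)
        q = recent[ident]
        q.append((ts, guess_tag(ssn)))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop failures that fell out of the time window
        distinct = len({tag for _, tag in q})
        if distinct > max_distinct:
            flagged[ident] = max(flagged.get(ident, 0), distinct)
    return flagged

# Constructed sample log: (epoch seconds, client IP, last name, DOB, SSN, matched)
SAMPLE_EVENTS = [
    (0, "192.0.2.10", "Doe", "1990-01-01", "123-45-6789", False),
    (20, "192.0.2.11", "Doe", "1990-01-01", "123-45-6790", False),
    (40, "192.0.2.12", "Doe", "1990-01-01", "123-45-6791", False),
    (60, "192.0.2.13", "Doe", "1990-01-01", "123-45-6792", False),
    (80, "192.0.2.14", "Doe", "1990-01-01", "123-45-6793", False),
    # A legitimate user repeating one typo, then succeeding: not flagged.
    (30, "198.51.100.7", "Roe", "1985-05-05", "987-65-4320", False),
    (45, "198.51.100.7", "Roe", "1985-05-05", "987-65-4320", False),
    (70, "198.51.100.7", "Roe", "1985-05-05", "987-65-4321", True),
]

if __name__ == "__main__":
    print(find_enumeration(SAMPLE_EVENTS))
```

Keying the count on the identity means rotating source addresses does not reset it, and a site that locks or steps up verification for a flagged identity stops answering the yes/no question at all.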
Tell a confidante your real name and etcetera’s for when you come up disappeared
The Department of Defense plays fast and loose with the SSNs of DoD employees. It TALKS about the importance of protecting Personal Identity Information but fails to implement basic protections and procedures.
Ask yourself: Why does a large federal entity such as the U.S. Army or U.S. Navy use Social Security Numbers on an everyday basis to confirm the identity of personnel, when every individual already has a UNIQUE email address and UNIQUE identity card and UNIQUE username and UNIQUE office location?
Why does one giant-sized federal agency use an ID number FROM AN ENTIRELY SEPARATE FEDERAL AGENCY to confirm identities of its employees?
After getting signed up and signed in on the very first day of their career, there is ZERO NEED TO KNOW the employee’s Social Security Number. Yet DoD asks for these every day, and distributes millions of them to various back-end server systems. And according to news reports, one of these systems was hacked by a foreign power.
When I first went into the Army in AUG 1967 I was RA 128-——. Then sometime over the next year or so it was changed to our SSAN. Didn’t seem a good idea to me at the time, and doesn’t now.
Sadly the only thing needed now is the last four digits.
This is not so good for wholesale SSN collection, but if you have a single target, check for any civil suits at the courthouse. Oftentimes, unredacted documents are attached that have the whole number included. Other useful identifying info is often included.
It is commonly used for wholesale SSN collection.
For example, I have identified multiple universities who are vulnerable.
I have identified 10k + students attending these universities.
I have collected 500 birth dates of those students.
That was all done with only a few hours work and some algorithms which I have written.
If I did more work I could probably get some more birthdays.
Although it is targeted hacking it can be used in a wholesale manner as well.
Hackers only need collect 500 SSNs a month to make a $100-$120k income in a year.
The IRS, and my state department of revenue, requires the taxpayer to write his/her social security number on the face of a check being sent to pay taxes. How many eyes see this check during processing at the IRS and through the bank clearing system?